Spoofing and Redirection


Time: 7 hours 50 minutes
Difficulty: Beginner
CEU/CPE: 8
Video Transcription
Hello. We just talked about Smurf and fraggle attacks and how they involve spoofing the source address. There's all sorts of spoofing. In addition to IP address spoofing, MAC address spoofing is really common because a lot of times switches are set up to only allow specific MAC addresses to connect. But MAC spoofing is as easy as any other type. Email spoofing is where an attacker makes a message look like it came from your bank or some other entity, and caller ID spoofing is where an attacker spoofs the number that your caller ID shows you. You think it's coming from someone you trust, but it's actually not. Spoofing is all about impersonation, and usually when we're talking about IP or MAC spoofing, it's all about modifying the source address so it looks like it comes from somewhere else.

Now, with redirection attacks, the attacker's goal is to send you to a server that is spoofed to look like a legitimate server or service. Maybe you'll log into an Internet server, but the attacker has redirected you to his web server that looks like yours. It has a field for username and password, and you type in your normal username and password. But then the site displays a message that it's temporarily unavailable and to try again later. But now the attacker has your username and password. Redirection is very common. The attacker can send you to the wrong DNS server or modify your cache. But ultimately, if the attacker is able to redirect you to his rogue site, at the very least it's a man-in-the-middle attack, and the attacker can intercept information like usernames and passwords or financial information and so forth. Redirection is something to be really concerned about.

Now, Address Resolution Protocol, or ARP, is something that takes a known IP address and is used to find out an unknown MAC address. It sends out a broadcast that is basically something like "Is anybody out there? Host IP address 10.1.1.1," and the host responds, "That's me, here's my MAC address." Once my client system has that information, it stores it in the ARP cache. Then the next time I need to send that out to the IP address, I don't have to broadcast out. That information is stored in my cache. If someone is able to modify that information, then they can redirect me. A cache is just the same regardless of whether it's ARP or DNS or any other type of cache. It's where we store information that we're going to need frequently so that way we can access it quicker the next time. Anytime you hear about poisoning, it means modifying the cache. It's almost always for the purpose of redirecting.

DNS controls the world. If I can redirect you to a bogus DNS server, every time you type out the name of the server, you're going to go where my DNS server sends you. Obviously, that's very powerful. Pharming is associated with modifying DNS records. DNS keeps track of where your critical servers and services are, and if someone modifies that information, then again, redirection can occur. In addition to DNS, there's also a static text file that resides on the client system called the hosts file, and the hosts file was one of the tools we used for name resolution before DNS was as efficient as it is today. There would be a static hosts file that would indicate that if someone types in server one, then they should be sent to IP address 1.1.1.1. But even though we don't use that today as our primary source of name resolution, the hosts file is still there. If someone were to modify my hosts file, they can redirect me as well. It's worth it to learn DNS because it's such a powerful service. We'll talk more about that next.